Systems and methods for providing call verification

ABSTRACT

Systems and methods for providing call verification to prevent voice phishing, comprising: receiving a first API call, wherein the first API call is a call request from a service provider to establish a call with a client device associated with a client of the service provider; verifying an identity of the service provider, wherein verifying the identity of the service provider comprises: generating a second API call; transmitting the second API to a verification system; and receiving verification of the service provider from the verification system; transmitting a notification to the client device that includes an indication that an incoming call is from a verified service provider; verifying the identity of the client; and establishing the call between the service provider and the client after both the identity of the service provider and the identity of the client are verified.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of co-pending U.S. patent applicationSer. No. 15/468,805 filed Mar. 24, 2017, which is incorporated herein byreference in its entirety.

BACKGROUND OF THE INVENTION Field of the Invention

Embodiments of the present invention relate generally to communicationsystems for call verification and, more particularly, to methods andsystems for call verification to prevent voice phishing.

Description of the Related Art

Voice phishing (or vishing) is a criminal practice involving, forexample caller ID spoofing in which a number of the caller's choosing isdisplayed on the recipient's phone. Voice phishing is typically used tosteal credit card numbers or other sensitive information fromindividuals, where the information can later be used in identity theftschemes. For example, a criminal caller may place a call to anunsuspecting recipient, but replace his or her phone number with that ofa bank. To the recipient, it appears the call is coming from therecipient's bank. The criminal caller may ask for sensitive informationsuch as a social security number, birthdate, and the like. Since thecall appears to come from the recipient's bank, the recipient mayunwittingly expose their personal details to a criminal caller.

It is difficult for legal authorities to monitor and trace voicephishing. To protect themselves from voice phishing, consumers areadvised to be highly suspicious when a business asks for personalinformation over the telephone. As such, service providers look formethods to protect their customers, so the customers can trust thecaller.

Accordingly, there exists a need in the art for methods and systems forproviding call verification to prevent voice phishing.

SUMMARY OF THE INVENTION

Systems and methods for providing call verification to prevent voicephishing are provided herein. In some embodiments, the system mayinclude a verification system configured to: receive a call request fromthe service provider to establish a call with a client device associatedwith the client of the service provider; verify the identity of theservice provider; transmit a notification to the client device thatincludes an indication that an incoming call is from a verified serviceprovider; receive verification information about the client; verify theidentity of the client; and establish the call between the serviceprovider and the client after both the identity of the service providerand the identity of the client are verified.

In some embodiments, the method for providing call verification toprevent voice phishing may comprise: receiving a call request from aservice provider to establish a call with a client device associatedwith the client of the service provider; verifying the identity of theservice provider; transmitting a notification to the client device thatincludes an indication that an incoming call is from a verified serviceprovider; receiving verification information about the client; verifyingthe identity of the client; and establishing the call between theservice provider and the client after both the identity of the serviceprovider and the identity of the client are verified.

Other and further embodiments of the present invention are describedbelow.

BRIEF DESCRIPTION OF THE DRAWINGS

So that the manner in which the above recited embodiments of the presentinvention can be understood in detail, a more particular description ofthe invention, briefly summarized above, may be had by reference toembodiments, some of which are illustrated in the appended drawings. Itis to be noted, however, that the appended drawings illustrate onlytypical embodiments of this invention and are therefore not to beconsidered limiting of its scope, for the invention may admit to otherequally effective embodiments.

FIG. 1 is a block diagram of a communication system for providing callverification to prevent voice phishing in accordance with one or moreembodiments of the invention;

FIG. 2 is a flow diagram of an exemplary method for providing callverification to prevent voice phishing in accordance with one or moreembodiments of the invention;

FIG. 3 is a flow diagram of an exemplary method for verifying theidentity of a caller in accordance with one or more embodiments of theinvention;

FIG. 4 is a flow diagram of an exemplary method for verifying theidentity of a client in accordance with one or more embodiments of theinvention; and

FIG. 5 is a depiction of a computer system that can be utilized invarious embodiments of the present invention.

To facilitate understanding, identical reference numerals have beenused, where possible, to designate identical elements that are common tothe figures. The figures are not drawn to scale and may be simplifiedfor clarity. It is contemplated that elements and features of oneembodiment may be beneficially incorporated in other embodiments withoutfurther recitation.

DETAILED DESCRIPTION

Embodiments consistent with the present invention are directed tomethods and systems for providing call verification to prevent voicephishing. Specifically, when a caller, such as a business (e.g., a bank,insurance company, etc.), places a call to a client, a call verificationsystem authenticates the caller (i.e., the business). The verificationsystem then sends the client a notification that a call is incoming andthat the caller has been verified. The notification also includes amechanism for the callee (i.e., the client) to be verified by the callverification system such that the caller may be assured the callee isthe client who the caller is expecting. Upon verification of both thebusiness and the client, the call is connected. Advantageously, abusiness can use the services provided by the call verification system,to ensure the client is indeed the recipient to whom the business placedthe call, and the client is assured that the caller is who they say theyare so the caller may be comfortable sharing sensitive information overthe phone.

Although the present disclosure describes a caller as being a business,those skilled in the art will appreciate that any service provider thathas a plurality of clients with whom they interact may use the disclosedinvention. In the present disclosure the words “business”, “caller”, and“service provider” are used interchangeably. Those skilled in the artwill also appreciate the present disclosure may be used by anon-business user in order to verify a contact using the verificationtechniques. For example, a user and a contact of the user may decide ona common “safe word” in advance and verify each other using the safeword. Other techniques for verification are disclosed below.

Some portions of the detailed description which follow are presented interms of operations on binary digital signals stored within a memory ofa specific apparatus or special purpose computing device or platform. Inthe context of this particular specification, the term specificapparatus or the like includes a general purpose computer once it isprogrammed to perform particular functions pursuant to instructions fromprogram software. In this context, operations or processing involvephysical manipulation of physical quantities. Typically, although notnecessarily, such quantities may take the form of electrical or magneticsignals capable of being stored, transferred, combined, compared orotherwise manipulated. It has proven convenient at times, principallyfor reasons of common usage, to refer to such signals as bits, data,values, elements, symbols, characters, terms, numbers, numerals or thelike. It should be understood, however, that all of these or similarterms are to be associated with appropriate physical quantities and aremerely convenient labels. Unless specifically stated otherwise, asapparent from the following discussion, it is appreciated thatthroughout this specification discussions utilizing terms such as“processing,” “computing,” “calculating,” “determining” or the likerefer to actions or processes of a specific apparatus, such as a specialpurpose computer or a similar special purpose electronic computingdevice. In the context of this specification, therefore, a specialpurpose computer or a similar special purpose electronic computingdevice is capable of manipulating or transforming signals, typicallyrepresented as physical electronic or magnetic quantities withinmemories, registers, or other information storage devices, transmissiondevices, or display devices of the special purpose computer or similarspecial purpose electronic computing device.

FIG. 1 is a block diagram of a system 100 for providing callverification to prevent voice phishing in accordance with one or moreembodiments of the invention. The system 100 comprises a serviceprovider server 102, a communication provider system 104, and a clientdevice 106, communicatively coupled via networks 108.

The service provider server 102 may comprise a Central Processing Unit(CPU) 110, support circuits 112, and a memory 114. The CPU 110 maycomprise one or more commercially available microprocessors ormicrocontrollers that facilitate data processing and storage. Thevarious support circuits 112 facilitate the operation of the CPU 110 andinclude one or more clock circuits, power supplies, cache, input/outputdevice and circuits, and the like. The memory 114 comprises at least oneof Read Only Memory (ROM), Random Access Memory (RAM), disk drivestorage, optical storage, removable storage and/or the like. In someembodiments, the memory 114 comprises an operating system 116, a clientdatabase 118, a verification keyword 130 (e.g., an applicationprogramming interface (API) key), and a verification secret 132 (e.g.,an API secret). An API key is a public unique identifier that identifiesthe business to verification system 140, which is part of communicationprovider system 104. An API secret is a secret shared between thebusiness and the verification system 140 and is used for authenticatingthe business to the verification system 140. The client database 118comprises a plurality of clients 120, wherein each client 120 comprisesa unique client identifier (ID) 122 (e.g., a telephone number), a pushtoken 124, a client device operating system type 126, and verificationcredentials 128. Verification credentials 128 may include for example, acode or passphrase, user identifier and password, or any item that maybe used to verify the identity of the client.

The operating system (OS) 116 generally manages various computerresources (e.g., network resources, file processors, and/or the like).The OS 116 is configured to execute operations on one or more hardwareand/or software modules, such as Network Interface Cards (NICs), harddisks, virtualization layers, firewalls and/or the like. Examples of theOS 116 may include, but are not limited to, various versions of LINUX,MAC OSX, BSD, UNIX, MICROSOFT WINDOWS, 10S, ANDROID and the like. Insome embodiments, OS 116 may include an application programminginterface (API) which can be used to access and client deviceinformation and features (such as, for example, mobile application 180on client device 106).

In some embodiments, the client device 106 may be a mobile computingdevice. Client device 106 may comprise a Central Processing Unit (CPU)170, support circuits 172, a display 174, and a memory 176 that includesan operating system 178, the mobile application 180. The CPU 170 maycomprise one or more commercially available microprocessors ormicrocontrollers that facilitate data processing and storage. Thevarious support circuits 172 facilitate the operation of the CPU 170 andinclude one or more clock circuits, power supplies, cache, input/outputdevice and circuits, and the like. The memory 176 comprises at least oneof Read Only Memory (ROM), Random Access Memory (RAM), disk drivestorage, optical storage, removable storage and/or the like.

The operating system (OS) 178 generally manages various computerresources (e.g., network resources, file processors, and/or the like).The OS 178 is configured to execute operations on one or more hardwareand/or software modules, such as Network Interface Cards (NICs), harddisks, virtualization layers, firewalls and/or the like. Examples of theOS 178 may include, but are not limited to, various versions of LINUX,MAC OSX, BSD, UNIX, MICROSOFT WINDOWS, 10S, ANDROID and the like. Insome embodiments, OS 178 may include an application programminginterface (API) that can be used to access client device information andfeatures (such as, for example, by mobile application 180. In someembodiments, the mobile application 180 may be any app that isassociated with a business, for example, a mobile banking app, insuranceportal, and the like. In some embodiments, the mobile application 180 isa VoIP app that provides over-the-top (OTT) VoIP telephony services toan end-user. In some embodiments, the mobile app 180 is a third-partyapp, such as a social media app or a security app. Although the mobileapp 180 is described herein as a separate stand-alone application, insome embodiments the mobile application 180 may be integrated into OS178, and may use existing API calls provided by the OS 178 to access orcontrol various features of client device 106. When the mobileapplication 180 is first registered, for example, when the client opensthe mobile application 180 for the first time, the mobile application180 registers a PUSH token that is stored on a server. As an example, ifthe mobile application is a mobile banking app, the PUSH token and thetype of operating system used on the client device is stored on thebanking server. If the mobile application is a VOIP app, the PUSH tokenand the type of operating system used on the client device is stored onthe VOIP service provider server.

The communication provider system 104 may be a communication serviceprovider, such as a VoIP service provider, that includes and maintainsverification system 140. In other embodiments, verification system 140may be a separate entity that provides call verification services tocommunication provider system 104, or to businesses, by agreement. Theverification system 140 may be an external cloud-based service and notpart of the communication provider system 104. The verification system140 verifies the identity of a business to a client and vice versa toprevent voice phishing. An exemplary verification system 140 may beNEXMO®, A VONAGE® API Platform.

The verification system 140 may include a Central Processing Unit (CPU)142, support circuits 144, and memory 146. The CPU 142 may comprise oneor more commercially available microprocessors or microcontrollers thatfacilitate data processing and storage. The various support circuits 144facilitate the operation of the CPU 142 and include one or more clockcircuits, power supplies, cache, input/output circuits, and the like.The memory 146 comprises at least one of Read Only Memory (ROM), RandomAccess Memory (RAM), disk drive storage, optical storage, removablestorage and/or the like. In some embodiments, the memory 146 comprisesan operating system 148, a business database 150, a client verifier 164,and a business verifier 166. The operating system 148 generally managesvarious computer resources (e.g., network resources, file processors,and/or the like). The operating system 148 is configured to executeoperations on one or more hardware and/or software modules, such asNetwork Interface Cards (NICs), hard disks, virtualization layers,firewalls and/or the like. Examples of the operating system 148 mayinclude, but are not limited to, various versions of LINUX, MAC OSX,BSD, UNIX, MICROSOFT WINDOWS, 10S, ANDROID and the like.

In some embodiments, the business database 150 may store informationassociated with one or more businesses 152 that are providedverification services by the verification system 140. When a businesssigns up for verification services with the verification system 140, thebusiness is assigned a verification keyword 156 (e.g., an API key), anda verification secret 158 (e.g., an API secret), which are stored with aunique business identifier 154 in the business database 150.

The networks 108 comprise one or more communication systems that connectcomputers by wire, cable, fiber optic and/or wireless link facilitatedby various types of well-known network elements, such as hubs, switches,routers, and the like. The networks 108 may include an Internet Protocol(IP) network, a public switched telephone network (PSTN), or othermobile communication networks, and may employ various well-knownprotocols to communicate information amongst the network resources.

Although the client database 118 is shown on service provider server102, in some embodiments, the client database 118 may be located onverification system 140 or communication provider system 104.

In operation, a salesperson or other business employee places a call toa client associated with client device 106. The call request may be forexample, an API call, an HTTP request, a SIP request, or any otherprotocol to communicate the call request. The business caller may placethe call from a dashboard app, a VOIP app, or the like. In someembodiments, the client may be identified using dual tonemulti-frequency signaling (DTMF) to an interactive voice response (IVR)system, or speech to text. The business caller may enter a client nameor client phone number. The client name is translated using a lookuptable to determine the client phone number. Whether the call request isdirected through a communication provider system or directly through theverification system, the call is not established until the identities ofboth the caller and callee are verified. In some embodiments, the callis placed on hold until the client is verified and subsequentlyconnected to the call. In some embodiments, the call is not establisheduntil verification of both the caller and callee is complete. In someembodiments, an API call is generated and sent to the verificationsystem 140. The API call includes at least the client ID 122 (i.e.,phone number), the verification keyword 130, and the verification secret132. The business verifier 166 uses the verification secret 132 to readthe API call. The verification keyword 130 identifies the business 152that is placing the call by comparing the verification keyword receivedin the API call to the keyword 156 in the business database 150. If thekeyword 130 in the API call matches the keyword 156 in the businessdatabase 150, the identity of the business is determined to be verifiedto the communication provider. The business must then be verified to thecallee.

If the business caller placed a call from an app, such as a VoIP app,the business verifier 166 sends a PUSH notification to the businesscaller's VoIP app. In some embodiments, the business caller is provideda way to verify him or herself. For example, the PUSH notification mayinclude a universal resource locator (URL) that the business callerselects in order to arrive at a webpage where the business caller mayverify him or herself. The verification credentials 128 for the client(i.e., callee) may include a passphrase previously selected by theclient. Upon navigating to webpage, the business caller may seedisplayed a list of, for example, ten words or phrases, one of which isthe passphrase and nine are dummy phrases. The business caller selectsthe passphrase, previously agreed upon by the client, from the ten wordsor phrases. The business verifier 166 compares the selected passphraseto the stored verification credentials 128. A correct selection isdetermined to be verification of the identity of the business caller.Conversely, an incorrect selection indicates the business caller is notwho they claim to be.

If the business caller did not place the call from an app, such as aVoIP app, the business caller may be sent an SMS text or email messagethat includes the URL where the business caller may verify him orherself.

Once the identity of the business is verified, the verification system140 attempts to verify the client to whom the business placed the call.Verifying the client ensures that the person who answers the phone isthe client the business wants to speak with. In order to verify theidentity of the client, the client verifier 164 sends a notification tothe client indicating that a call is incoming from a verified business.The notification may identify the business and indicate that the callerhas been verified. The notification may include a request that the userof the client device verify him or herself to the business. If theclient device 106 includes a mobile app 180 either associated with thebusiness, a VOIP app, a social media app, or the like, the clientverifier 164 may verify the identity of the client by sending a PUSHnotification to the mobile app 180 on the client device 106. In order tosend the PUSH notification, the client verifier 164 must have theclient's PUSH token 124 that identifies the mobile app 180 where thePUSH notification is to be sent, a type of the client device operatingsystem 126, and verification credentials 128 that may be used to verifythe identity of the client. If the client device 106 does not include amobile app 180 that can receive PUSH notifications, the client verifier164 may send a short message service (SMS) text to the client device 106or send an email to the client. The PUSH notification/SMS text/emailindicates that the identity of the business calling has been verifiedand also includes a way for the client to verify themselves to theverification system 140.

In some embodiments, if the call request was an API call, the API callreceived on the verification system 140 includes the PUSH token 124,type of client device operating system 126, and verification credentials128 of the client to whom the business is placing the call. In someembodiments, the client verifier 164 generates an API call and sends theAPI call to the service provider server 102, to access informationassociated with the client 120. The information associated with theclient may include the PUSH token 124, type of client device operatingsystem 126, and verification credentials 128. In the event the clientdevice 106 does not include a mobile app 180, the response from theservice provider server 102 will not have a PUSH token nor a type ofclient device operating system stored for the client 120. In suchinstance, the service provider server 102 may simply return theverification credentials 128 of the client 120. In some embodiments, theservice provider server 102 may also return an email address associatedwith the client 120.

If the client device 106 includes a mobile app 180, the client verifier164 sends a PUSH notification to the mobile app 180 indicating thatthere is an incoming call from a business and that the business has beenverified. In some embodiments, the PUSH notification includes thetelephone number that is going to call the client. In some embodiments,when it is determined that the PUSH notification arrived at the mobileapp 180, the call from the business to the client is connected. In someembodiments, the client is shown a way to verify him or herself. Forexample, the PUSH notification may include a universal resource locator(URL) that the client must select in order to navigate to a webpagewhere the client may verify him or herself. For example, theverification credentials 128 may include a passphrase previouslyselected by the client. The webpage may include a list of, for example,ten words or phrases, one of which is the passphrase and nine are dummyphrases. In some embodiments, the business caller may be verified to theclient by seeing that the passphrase exists in the list. In order forthe client to verify back to the business caller, the client must selecthis or her previously selected passphrase from the ten words or phrases.The client verifier 164 compares the selected passphrase to the storedverification credentials 128. A correct selection is determined to beverification of the identity of the client. In such embodiments, onlyafter the client is verified is the call between the business and theclient connected. In some embodiments, the client may be asked to enterhis or her username and password, or a one-time password, which are thensent to the verification system 140 for evaluation. In some embodiments,upon receipt of the PUSH notification, the client's credentials (e.g.,username and password) are automatically sent from the mobile app 180 tothe verification system 140.

In the event the client device 106 does not include a mobile app 180,the client verifier 164 may send the client device 106 an SMS text thatincludes the URL where the client may verify him or herself. In someembodiments, a third party app may provide a notification to the clientregarding the incoming call from the verified business. For example, ifthe call is coming from a bank and the bank has a webpage on, forexample FACEBOOK, the notification may be delivered to the client device106 via the bank's FACEBOOK page.

Only after the identities of both the business and the client areverified, is the call between the two parties connected.

Exemplary methods that may be performed by one or more elements ofsystem 100 for providing call verification to prevent voice phishing aredescribed below with respect to FIG. 2. FIG. 2 is a flow diagram of anexemplary method 200 for providing call verification in voice telephonycommunications. The method 200 starts at 202 and proceeds to 204.

At 204, the verification system 140 receives a call request from someoneassociated with a business. The call request is directed to a client ofthe business. The call request may be in the form of an API call, anHTTP request, a SIP request, and the like. In some embodiments, the APIcall includes identification information associated with the businessinitiating the call to the client. The identification information aboutthe business may include, but is not limited to, the verificationkeyword 130 and the verification secret 132 of a business, a client ID122 associated with a client 120, and the like.

At 206, the verification system 140 verifies the business, as describedin further detail with respect to FIG. 3 below. If at step 206, it isdetermined that the business cannot be verified, then the methodproceeds to step 214 and ends. However, if at step 206, if the businessis verified, then at step 208, a notification is sent to the clientdevice indicating that a call request was received from a business andthe business has been verified.

At step 210, it is determined whether the person who at the clientdevice is indeed the client to whom the business would like to speak, asdescribed in further detail with respect to FIG. 4, below.

If at step 210, it is determined that the client cannot be verified,then the method proceeds to step 214 and ends. However, if at step 210,it is determined that the person at the client device is indeed theclient to whom the business would like to speak, then at step 212, thecall between the business and the client is connected. Thus, the clientand business may exchange sensitive information without worrying aboutvoice phishing. The method 200 ends at step 214.

FIG. 3 is a flow diagram of an exemplary method 300 for verifying theidentity of a caller in accordance with one or more embodiments of theinvention. The method 300 starts at step 302 and proceeds to step 304.

At step 304, the call request is received. If the call request is an APIcall, the verification system 140 receives the API call which includesthe verification keyword and verification secret of the business. Theverification keyword and verification secret are extracted from the APIcall. The verification keyword identifies the business to theverification server. The secret is used to authenticate the business asonly the business and the verification system share the secret.

At 306, the verification information for the business is retrieved froma database on the verification system. The verification secretassociated with the verification keyword is retrieved.

At step 308, it is determined whether the verification keyword andverification secret received in the API call match the verificationkeyword and verification secret that were previously assigned to thebusiness and stored in the business database. If the informationmatches, then the business is determined to be verified by theverification system. If the information does not match, then it isdetermined that the caller is not the indicated business and is rather,voice phishing. The business caller is then verified to the client.

If the business caller placed a call from an app, such as a VoIP app,the business verifier 166 sends a PUSH notification to the businesscaller's VoIP app. In some embodiments, the business caller is shown away to verify him or herself. For example, the PUSH notification mayinclude a universal resource locator (URL) that the business caller maynavigate to in order to verify him or herself. For example, theverification credentials 128 for the client (i.e., callee) may include apassphrase previously selected by the client. The URL may include a listof, for example, ten words or phrases, one of which is the passphraseand nine are dummy phrases, and the business caller must select thepassphrase, previously agreed upon by the client, from the ten words orphrases. The business verifier 166 compares the selected passphrase tothe stored verification credentials 128. A correct selection isdetermined to be verification of the identity of the business caller. Ifthe business caller did not place the call from an app, such as a VoIPapp, the business caller may be sent an SMS text or email message thatincludes the URL where the business caller may verify him or herself.

If at step 308 the identity of the business is verified, and the clientinformation was not sent with the initial call request, then at step310, an API call may be generated and sent to a service provider serverto request information for the client. The information may include aPUSH token, a type of operating system of the client device,verification credentials, an email address, and the like. The methodends at step 312.

FIG. 4 is a flow diagram of an exemplary method 400 for verifying theidentity of a client in accordance with one or more embodiments of theinvention. The method 400 starts at step 402 and proceeds to step 404.

At step 404, the client device capabilities are determined based on theinformation received in response to the API call. The client device mayinclude a mobile app that is capable of receiving a PUSH notification.Without a mobile app, a notification may be sent using, for example anSMS text message, an email message and the like.

At step 406, it is determined whether the client device includes amobile app. If the information received from the API call includes aPUSH token and a type of operating system of the client device, then itis determined that the client device includes a mobile app. However, ifa PUSH token and type of operating system are not received in responseto the API call, then it is determined that the client device does notinclude a mobile app. If at step 406, it is determined that the clientdevice includes a mobile app, then the method proceeds to step 410.

At step 410, a PUSH notification is sent to the mobile app on the clientdevice indicating a phone number of a verified incoming call. The PUSHtoken received in the API call operates as an address that identifiesthe app on the client device where the PUSH notification is to be sent.In some embodiments, the notification may trigger the mobile app toreturn client credentials stored in the mobile app to verify the client.In some embodiments, the PUSH notification indicates a URL for a webpagewhere the client may go to verify him or herself in response to averification challenge.

If at step 406, it is determined that the client device does not includea mobile app, then at step 408, an SMS message or an email message isgenerated and sent to the client device. The SMS or email messageincludes the URL where the client may go to verify him or herself.

At step 412, input is received from the client in response to averification challenge. In some embodiments, a URL where the clientverifies him or herself may include a list of, for example, ten words orphrases, one of which is the passphrase and nine are dummy phrases. Thelist is generated by a client verifier and includes a passcode that waspreselected by the client and stored on the service provider server asverification credentials. The client may select the passcode from thelist of words or phrases. The selection is compared to the client'sverification credentials that were received in the API call to theservice provider server. If the correct passcode was selected, theclient is determined to be verified. In some embodiments, the URLdisplays input areas for the client to input a login and password. Insome embodiments, the URL includes a selection of PINs for the client toselect or an input area where the client may enter their PIN. Any methodof checking a client against the previously stored verificationcredentials of the client may be utilized to verify the client.

If the verification credentials match the client input, then at step416, the client is verified. However if the verification credentials donot match the client input, then at step 418, the client is determinedto be not verified. The method 400 ends at step 420.

The embodiments of the present invention may be embodied as methods,apparatus, electronic devices, and/or computer program products.Accordingly, the embodiments of the present invention may be embodied inhardware and/or in software (including firmware, resident software,micro-code, and the like), which may be generally referred to herein asa “circuit” or “module”. Furthermore, embodiments of the presentinvention may take the form of a computer program product on acomputer-usable or computer-readable storage medium havingcomputer-usable or computer-readable program code embodied in the mediumfor use by or in connection with an instruction execution system. In thecontext of this document, a computer-usable or computer-readable mediummay be any medium that can contain, store, communicate, propagate, ortransport the program for use by or in connection with the instructionexecution system, apparatus, or device. These computer programinstructions may also be stored in a computer-usable orcomputer-readable memory that may direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer usable orcomputer-readable memory produce an article of manufacture includinginstructions that implement the function specified in the flowchartand/or block diagram block or blocks.

The computer-usable or computer-readable medium may be, for example butnot limited to, an electronic, magnetic, optical, electromagnetic,infrared, or semiconductor system, apparatus or device. More specificexamples (a non-exhaustive list) of the computer-readable medium includethe following: hard disks, optical storage devices, magnetic storagedevices, an electrical connection having one or more wires, a portablecomputer diskette, a random access memory (RAM), a read-only memory(ROM), an erasable programmable read-only memory (EPROM or Flashmemory), an optical fiber, and a compact disc read-only memory (CD-ROM).

Computer program code for carrying out operations of the presentinvention may be written in an object oriented programming language,such as Java®, Smalltalk or C++, and the like. However, the computerprogram code for carrying out operations of the present invention mayalso be written in conventional procedural programming languages, suchas the “C” programming language and/or any other lower level assemblerlanguages. It will be further appreciated that the functionality of anyor all of the program modules may also be implemented using discretehardware components, one or more Application Specific IntegratedCircuits (ASICs), or programmed Digital Signal Processors ormicrocontrollers.

The foregoing description, for purpose of explanation, has beendescribed with reference to specific embodiments. However, theillustrative discussions above are not intended to be exhaustive or tolimit the invention to the precise forms disclosed. Many modificationsand variations are possible in view of the above teachings. Theembodiments were chosen and described in order to best explain theprinciples of the present disclosure and its practical applications, tothereby enable others skilled in the art to best utilize the inventionand various embodiments with various modifications as may be suited tothe particular use contemplated.

FIG. 5 depicts a computer system 500 that can be utilized in variousembodiments of the present invention to implement the computer and/orthe display, according to one or more embodiments.

Various embodiments of method and apparatus for providing callverification to prevent voice phishing, as described herein, may beexecuted on one or more computer systems, which may interact withvarious other devices. One such computer system is computer system 500illustrated by FIG. 5, which may in various embodiments implement any ofthe elements or functionality illustrated in FIGS. 1-4. In variousembodiments, computer system 500 may be configured to implement methodsdescribed above. The computer system 500 may be used to implement anyother system, device, element, functionality or method of theabove-described embodiments. In the illustrated embodiments, computersystem 500 may be configured to implement the methods 200, 300 and 400as processor-executable executable program instructions 522 (e.g.,program instructions executable by processor(s) 510) in variousembodiments.

In the illustrated embodiment, computer system 500 includes one or moreprocessors 510 a-510 n coupled to a system memory 520 via aninput/output (I/O) interface 530. Computer system 500 further includes anetwork interface 540 coupled to I/O interface 530, and one or moreinput/output devices 550, such as cursor control device 560, keyboard570, and display(s) 580. In various embodiments, any of the componentsmay be utilized by the system to receive client input described above.In various embodiments, a client interface may be generated anddisplayed on display 580. In some cases, it is contemplated thatembodiments may be implemented using a single instance of computersystem 500, while in other embodiments multiple such systems, ormultiple nodes making up computer system 500, may be configured to hostdifferent portions or instances of various embodiments. For example, inone embodiment some elements may be implemented via one or more nodes ofcomputer system 500 that are distinct from those nodes implementingother elements. In another example, multiple nodes may implementcomputer system 500 in a distributed manner.

In different embodiments, computer system 500 may be any of varioustypes of devices, including, but not limited to, a personal computersystem, desktop computer, laptop, notebook, or netbook computer,mainframe computer system, handheld computer, workstation, networkcomputer, a camera, a set top box, a mobile device, a consumer device,video game console, handheld video game device, application server,storage device, a peripheral device such as a switch, modem, router, orin general any type of computing or electronic device.

In various embodiments, computer system 500 may be a uniprocessor systemincluding one processor 510, or a multiprocessor system includingseveral processors 510 (e.g., two, four, eight, or another suitablenumber). Processors 510 may be any suitable processor capable ofexecuting instructions. For example, in various embodiments processors510 may be general-purpose or embedded processors implementing any of avariety of instruction set architectures (ISAs). In multiprocessorsystems, each of processors 510 may commonly, but not necessarily,implement the same ISA.

System memory 520 may be configured to store program instructions 522and/or data 532 accessible by processor 510. In various embodiments,system memory 520 may be implemented using any suitable memorytechnology, such as static random access memory (SRAM), synchronousdynamic RAM (SDRAM), nonvolatile/Flash-type memory, or any other type ofmemory. In the illustrated embodiment, program instructions and dataimplementing any of the elements of the embodiments described above maybe stored within system memory 520. In other embodiments, programinstructions and/or data may be received, sent or stored upon differenttypes of computer-accessible media or on similar media separate fromsystem memory 520 or computer system 500.

In one embodiment, I/O interface 530 may be configured to coordinate I/Otraffic between processor 510, system memory 520, and any peripheraldevices in the device, including network interface 540 or otherperipheral interfaces, such as input/output devices 550. In someembodiments, I/O interface 530 may perform any necessary protocol,timing or other data transformations to convert data signals from onecomponent (e.g., system memory 520) into a format suitable for use byanother component (e.g., processor 510). In some embodiments, I/Ointerface 530 may include support for devices attached through varioustypes of peripheral buses, such as a variant of the Peripheral ComponentInterconnect (PCI) bus standard or the Universal Serial Bus (USB)standard, for example. In some embodiments, the function of I/Ointerface 530 may be split into two or more separate components, such asa north bridge and a south bridge, for example. Also, in someembodiments some or all of the functionality of I/O interface 530, suchas an interface to system memory 520, may be incorporated directly intoprocessor 510.

Network interface 540 may be configured to allow data to be exchangedbetween computer system 500 and other devices attached to a network(e.g., network 590), such as one or more external systems or betweennodes of computer system 500. In various embodiments, network 590 mayinclude one or more networks including but not limited to Local AreaNetworks (LANs) (e.g., an Ethernet or corporate network), Wide AreaNetworks (WANs) (e.g., the Internet), wireless data networks, some otherelectronic data network, or some combination thereof. In variousembodiments, network interface 540 may support communication via wiredor wireless general data networks, such as any suitable type of Ethernetnetwork, for example; via telecommunications/telephony networks such asanalog voice networks or digital fiber communications networks; viastorage area networks such as Fiber Channel SANs, or via any othersuitable type of network and/or protocol.

Input/output devices 550 may, in some embodiments, include one or moredisplay terminals, keyboards, keypads, touchpads, scanning devices,voice or optical recognition devices, or any other devices suitable forentering or accessing data by one or more computer systems 500. Multipleinput/output devices 550 may be present in computer system 500 or may bedistributed on various nodes of computer system 500. In someembodiments, similar input/output devices may be separate from computersystem 500 and may interact with one or more nodes of computer system500 through a wired or wireless connection, such as over networkinterface 540.

In some embodiments, the illustrated computer system may implement anyof the operations and methods described above, such as the methodsillustrated by the flowchart of FIGS. 2-4. In other embodiments,different elements and data may be included.

Those skilled in the art will appreciate that computer system 500 ismerely illustrative and is not intended to limit the scope ofembodiments. In particular, the computer system and devices may includeany combination of hardware or software that can perform the indicatedfunctions of various embodiments, including computers, network devices,Internet appliances, PDAs, wireless phones, pagers, and the like.Computer system 500 may also be connected to other devices that are notillustrated, or instead may operate as a stand-alone system. Inaddition, the functionality provided by the illustrated components mayin some embodiments be combined in fewer components or distributed inadditional components. Similarly, in some embodiments, the functionalityof some of the illustrated components may not be provided and/or otheradditional functionality may be available.

Those skilled in the art will also appreciate that, while various itemsare illustrated as being stored in memory or on storage while beingused, these items or portions of them may be transferred between memoryand other storage devices for purposes of memory management and dataintegrity. Alternatively, in other embodiments some or all of thesoftware components may execute in memory on another device andcommunicate with the illustrated computer system via inter-computercommunication. Some or all of the system components or data structuresmay also be stored (e.g., as instructions or structured data) on acomputer-accessible medium or a portable article to be read by anappropriate drive, various examples of which are described above. Insome embodiments, instructions stored on a computer-accessible mediumseparate from computer system 500 may be transmitted to computer system500 via transmission media or signals such as electrical,electromagnetic, or digital signals, conveyed via a communication mediumsuch as a network and/or a wireless link. Various embodiments mayfurther include receiving, sending or storing instructions and/or dataimplemented in accordance with the foregoing description upon acomputer-accessible medium or via a communication medium. In general, acomputer-accessible medium may include a storage medium or memory mediumsuch as magnetic or optical media, e.g., disk or DVD/CD-ROM, volatile ornon-volatile media such as RAM (e.g., SDRAM, DDR, RDRAM, SRAM, and thelike), ROM, and the like.

The methods described herein may be implemented in software, hardware,or a combination thereof, in different embodiments. In addition, theorder of methods may be changed, and various elements may be added,reordered, combined, omitted or otherwise modified. All examplesdescribed herein are presented in a non-limiting manner. Variousmodifications and changes may be made as would be obvious to a personskilled in the art having benefit of this disclosure. Realizations inaccordance with embodiments have been described in the context ofparticular embodiments. These embodiments are meant to be illustrativeand not limiting. Many variations, modifications, additions, andimprovements are possible. Accordingly, plural instances may be providedfor components described herein as a single instance. Boundaries betweenvarious components, operations and data stores are somewhat arbitrary,and particular operations are illustrated in the context of specificillustrative configurations. Other allocations of functionality areenvisioned and may fall within the scope of claims that follow. Finally,structures and functionality presented as discrete components in theexample configurations may be implemented as a combined structure orcomponent. These and other variations, modifications, additions, andimprovements may fall within the scope of embodiments as defined in theclaims that follow.

While the foregoing is directed to embodiments of the present invention,other and further embodiments of the invention may be devised withoutdeparting from the basic scope thereof, and the scope thereof isdetermined by the claims that follow.

The invention claimed is:
 1. A verification system for providing callverification, comprising: a) at least one processor; b) at least oneinput device; and c) at least one storage device storing processorexecutable instructions which, when executed by the at least oneprocessor, perform a method to: receive a first Application ProgrammingInterface (API) call, wherein the first API call is a call request froma service provider to establish a call with a client device associatedwith a client of the service provider; verify an identity of the serviceprovider, wherein verifying the identity of the service providercomprises: generating a second API call; transmitting the second APIcall to a verification system; and receiving verification of the serviceprovider from the verification system; transmit a notification to theclient device that includes an indication that an incoming call is froma verified service provider; verify the identity of the client, whereinverifying the identity of the client comprises: generating a third APIcall; transmitting the third API call to the service provider server;and receiving, from the service provider, information for verifying theclient; and establish the call between the service provider and theclient after both the identity of the service provider and the identityof the client are verified.
 2. The verification system of claim 1,wherein the executable instructions further perform the method toreceive verification information about the client.
 3. The verificationsystem of claim 1, wherein the call request comprises verificationcredentials for verifying the client.
 4. The verification system ofclaim 1, wherein the notification is a PUSH notification to a mobileapplication on the client device, and wherein the mobile application isa mobile application associated with the service provider.
 5. Theverification system of claim 1, wherein the notification is one of ashort message service (SMS) text message or email text message.
 6. Theverification system of claim 1, wherein the indication included in thenotification is a passphrase previously provided to the service providerby the client.
 7. The verification system of claim 6, wherein thepassphrase is included along with a plurality of dummy phrases.
 8. Theverification system of claim 1, wherein the notification includes auniversal resource locator (URL), wherein the URL is an address of awebpage that comprises an input area for the client to provideverification information in response to a verification challenge.
 9. Acomputer-implemented method for providing call verification, comprising:receiving a first Application Programming Interface (API) call, whereinthe first API call is a call request from a service provider toestablish a call with a client device associated with a client of theservice provider; verifying an identity of the service provider, whereinverifying the identity of the service provider comprises: generating asecond API call; transmitting the second API call to a verificationsystem; and receiving verification of the service provider from theverification system; transmitting a notification to the client devicethat includes an indication that an incoming call is from a verifiedservice provider; verifying the identity of the client, whereinverifying the identity of the client comprises: generating a third APIcall; transmitting the third API call to the service provider server;and receiving, from the service provider, information for verifying theclient; and establishing the call between the service provider and theclient after both the identity of the service provider and the identityof the client are verified.
 10. The computer-implemented method of claim9, wherein the method further comprises receiving verificationinformation about the client.
 11. The computer-implemented method ofclaim 9, wherein the call request comprises verification credentials forverifying the client.
 12. The computer-implemented method of claim 9,wherein the notification is a PUSH notification to a mobile applicationon the client device.
 13. The computer-implemented method of claim 12,wherein the mobile application is a mobile application associated withthe service provider.
 14. The computer-implemented method of claim 9,wherein the notification is one of a short message service (SMS) textmessage or email text message.
 15. The computer-implemented method ofclaim 9, wherein the indication included in the notification is apassphrase previously provided to the service provider by the client.16. The computer-implemented method of claim 15, wherein the passphraseis included along with a plurality of dummy phrases.
 17. Thecomputer-implemented method of claim 9, wherein the notificationincludes a universal resource locator (URL), wherein the URL is anaddress of a webpage that comprises an input area for the client toprovide verification information in response to a verificationchallenge.
 18. A non-transitory computer readable medium for storingcomputer instructions that, when executed by at least one processorcauses the at least one processor to perform a method for providing callverification to prevent voice phishing, comprising: receiving a firstApplication Programming Interface (API) call, wherein the first API callis a call request from a service provider to establish a call with aclient device associated with a client of the service provider;verifying an identity of the service provider, wherein verifying theidentity of the service provider comprises: generating a second APIcall; transmitting the second API call to a verification system; andreceiving verification of the service provider from the verificationsystem; transmitting a notification to the client device that includesan indication that an incoming call is from a verified service provider;verifying the identity of the client, wherein verifying the identity ofthe client comprises: generating a third API call; transmitting thethird API call to the service provider server; and receiving, from theservice provider, information for verifying the client; and establishingthe call between the service provider and the client after both theidentity of the service provider and the identity of the client areverified.